Legal

Privacy policy

How Ziinc, LLC collects, uses, shares, and protects your information when you use matchstaq.

Effective
July 6, 2026
Last updated
July 6, 2026

1. Who we are

matchstaq is an evidence-backed resume tailoring service operated by Ziinc, LLC, a Tennessee limited liability company ("Ziinc," "we," "us," or "our"). This privacy policy explains what personal information we collect when you use matchstaq (the "Service"), why we collect it, who we share it with, and the choices you have.

For the third parties that process data on our behalf, see our Sub-processors page. For how we use cookies, see our Cookie notice.

2. Information we collect

Information you provide

  • Account information. Your email address and name, provided through our authentication provider when you sign up or log in.
  • Profile and resume data. The content you build your profile from — contact details (such as phone number, location, and links), work history, education, skills, certifications, and projects — plus any resumes or documents you upload and the text extracted from them.
  • Repository data. When you connect a code repository, we store repository metadata and selected evidence (file paths, code excerpts, commit identifiers, and detected technologies) used to ground your project bullets.
  • Job targets. The company, role, and job-posting content you provide to tailor a resume.
  • Generated documents. The tailored resumes and cover letters produced for you, including version history.
  • Payment information. If you subscribe, your billing details are collected and processed by our payment processor (Stripe). We do not receive or store your full payment-card number.
  • Communications. Messages you send us for support or other requests.

Information collected automatically

  • Usage and log data. Actions you take in the Service, timestamps, and entitlement/usage counts used to operate features and billing.
  • Device and connection data. IP address, browser type, and similar technical details, including in our audit logs for security-sensitive actions.
  • Essential cookies. Strictly-necessary cookies that keep you signed in. See our Cookie notice.

Information from third parties

  • Identity provider (Auth0). Your authenticated identity and login events.
  • Code hosts (such as GitHub). When you authorize a connection, repository metadata and content you grant access to, plus OAuth tokens (stored encrypted).
  • Payment processor (Stripe). Your subscription status and billing events.

3. How we use your information

We use personal information to:

  • Provide, operate, and maintain the Service, including parsing your inputs and generating tailored resumes and cover letters;
  • Authenticate you and secure your account;
  • Process payments, manage subscriptions, and enforce usage limits;
  • Respond to your requests and provide support;
  • Monitor, debug, and improve reliability and performance;
  • Detect, prevent, and address fraud, abuse, and security incidents; and
  • Comply with legal obligations and enforce our Terms of Service.

Our legal bases (where the GDPR applies) are: performance of our contract with you (to deliver the Service), our legitimate interests (to secure and improve the Service), compliance with legal obligations, and your consent where we ask for it.

4. How we use AI and what we send to AI providers

matchstaq uses third-party AI providers to parse your inputs and generate tailored documents. To do this, we send the relevant content — including your resume and profile data, connected repository evidence, and job-posting text — to those providers.

Your resume and profile data are sent to our AI provider including the personal information they contain (such as your name, contact details, and work history), because tailoring a resume requires that content. Where a task does not require personal data, we minimize what we send.
  • Training. We access these providers through their API or business tiers rather than consumer products. For the provider that generates your tailored documents, the content we send is not used to train its models. For public-repository analysis, only public code is sent (see below) — we do not send your personal data there.
  • Evidence-backed generation. matchstaq is designed so that AI-written claims trace to information you provided; the model is instructed not to invent skills, metrics, employers, or facts. This is a product design goal, not a guarantee of accuracy — see the disclaimer in our Terms of Service.
  • Public repository analysis. When repository analysis is enabled, public repository metadata and public code excerpts may be sent to an analysis provider, keyed to the repository rather than to your identity.

The specific AI and infrastructure providers we use are listed on our Sub-processors page.

5. How we share information

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We share information only as described here:

  • Sub-processors. Vendors that process data on our behalf to run the Service — hosting, authentication, AI processing, payments, code-host integration, and monitoring. See our Sub-processors page.
  • At your direction. When you create a share link for a resume, the content you choose becomes accessible to anyone with the link, subject to the visibility, password, and expiry settings you select.
  • Legal and safety. When required by law, legal process, or to protect the rights, safety, and security of our users, the public, or Ziinc.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

6. Data retention and deletion

We keep personal information for as long as your account is active or as needed to provide the Service. When you delete your account or specific content, we use a soft-delete model with a 30-day restore window, after which the data is permanently purged from our systems and object storage.

  • Connected repository OAuth tokens are revoked immediately when you disconnect an account.
  • Share links can be revoked immediately and are removed on purge.
  • Backups roll off on a schedule aligned to the restore window.
  • We retain a limited set of records longer where required — for example, billing and tax records, and audit logs (retained for approximately one year in anonymized form).

We honor deletion requests within 30 days (or sooner where required by law). An account may be retained beyond these windows if it is subject to a legal hold.

7. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. You can update much of your profile directly in the Service. To exercise other rights, contact us at privacy@ziinc.dev.

United States (including California)

We do not sell your personal information or share it for cross-context behavioral advertising. Where applicable, you have the right to know, access, correct, and delete your personal information, and to not be discriminated against for exercising these rights.

European Economic Area and United Kingdom

Where the GDPR or UK GDPR applies, you may also lodge a complaint with your local data protection authority. We respond to verified requests within the time limits the law requires.

8. Security

We use technical and organizational measures to protect your information, including encryption in transit, encryption of connected-account tokens at rest, access controls, audit logging, and malware scanning of uploaded files. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

9. International users and data transfers

matchstaq is operated from the United States, and your information is stored and processed there and in the locations of our sub-processors. Some of our sub-processors are located in other regions. If you use the Service from outside the United States, you understand that your information will be transferred to and processed in the United Statesand other countries, which may have different data-protection laws than your own.

10. Children's privacy

The Service is not directed to children. You must be at least 18 years old to use matchstaq, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact us at privacy@ziinc.dev and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.

12. Contact us

For privacy questions or to exercise your rights, contact Ziinc, LLC at privacy@ziinc.dev.

matchstaq is operated by Ziinc, LLC. Questions about this document? Contact privacy@ziinc.dev.